<?php

include_once "regsettings.php";


// Force HTTPS: a request that did not arrive on port 443 is redirected to the
// same host and URI under the https scheme, and the script stops.
// NOTE(review): HTTP_HOST is taken from the client's Host header, so the redirect
// target is not a value the server controls; a configured canonical host name
// would be the safer source.
// NOTE(review): the port comparison assumes TLS is terminated on this server at
// 443 - confirm for deployments behind a proxy or load balancer.
if (!($_SERVER['SERVER_PORT'] == '443')) {
	$secure_url = 'https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
	header('Location: ' . $secure_url);
	exit();
}

// Open (or resume) the session that carries the login state set further down.
// NOTE(review): nothing in this file sets the session cookie flags (Secure,
// HttpOnly); they come from the PHP configuration - verify them there.
session_start();

// includes
include_once REG_CONNECT_FILE;
include_once REG_QUERY_FILE;


// Collect the login form fields, each falling back to a default when absent.
// NOTE(review): $_REQUEST merges query-string, POST body and (depending on
// request_order) cookie values, so the password is also accepted from the URL,
// where it can end up in access logs and browser history. The form below posts,
// so reading the credentials from $_POST only looks feasible - confirm that no
// caller relies on GET.
// NOTE(review): the values are raw and unvalidated here, and may be arrays
// rather than strings; every consumer has to validate or escape them itself.
$username = isset($_REQUEST['username']) ? $_REQUEST['username'] : "";
$password = isset($_REQUEST['password']) ? $_REQUEST['password'] : "";
$logmode = isset($_REQUEST['logmode']) ? $_REQUEST['logmode'] : "";

// An empty or missing referrer means "go to the default page after login".
$referrer = empty($_REQUEST['referrer']) ? REG_DEFAULTPAGE : $_REQUEST['referrer'];

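// Login attempt: verify the submitted credentials, populate the session with the
// user's identity and page permissions, then redirect to the requested page.
// On failure the session is marked logged-out and $message carries the error text.
if ($logmode === 'Login') {
	// NOTE(review): passwords are stored as a single unkeyed MD5 over a salt that is
	// fixed in source and shared by every account. That is not adequate password
	// storage; migrating to password_hash()/password_verify() needs a schema and
	// data migration outside this file, so the format is kept here unchanged.
	$hashsalt = 'Change this default salt 0394ufw90w';

	$login_ok = false;
	$user_id = '';

	// Fail closed on anything that is not a non-empty string. An empty password must
	// never be compared against an empty or missing stored value.
	$creds_usable = is_string($username) && is_string($password)
		&& $username !== '' && $password !== '';

	// The username is interpolated into a quoted SQL literal below, and no escaping
	// helper is visible in this file. Refuse names that contain characters which
	// would change the structure of that literal. This is a stopgap only: the
	// durable fix is a bound-parameter query inside lookup_value().
	if ($creds_usable) {
		$has_sql_meta = strpos($username, "'") !== false
			|| strpos($username, '\\') !== false
			|| strpos($username, "\0") !== false;
		if ($has_sql_meta) {
			$creds_usable = false;
		}
	}

	if ($creds_usable) {
		$user_id = lookup_value("user_id", REG_USER_TABLE, " username='$username'");

		// user_id is placed unquoted into the queries further down, so only a plain
		// non-negative integer may proceed (assumes user_id is an integer key, as that
		// unquoted use implies). This also rejects the "no such user" result.
		$user_id_valid = (is_int($user_id) || is_string($user_id))
			&& preg_match('/\A[0-9]+\z/', (string) $user_id) === 1;

		if ($user_id_valid) {
			$stored_pass = lookup_value("password", REG_USER_TABLE, " user_id = '$user_id'");
			$temp_pass = lookup_value("temp_pass", REG_USER_TABLE, " user_id = '$user_id' AND temp_expire_date > NOW()");

			$passhash = md5($hashsalt . $password);

			// A match only counts when the stored side is a non-empty string.
			$hash_matches = is_string($stored_pass) && $stored_pass !== ''
				&& $passhash === $stored_pass;

			// NOTE(review): the temporary password is compared in clear text, which
			// means it is stored in clear text - confirm and hash it like the main one.
			$temp_matches = is_string($temp_pass) && $temp_pass !== ''
				&& $password === $temp_pass;

			$login_ok = $hash_matches || $temp_matches;
		}
	}

	if ($login_ok) {
		// Issue a fresh session id at the moment privileges change, so an id that was
		// known before login cannot be reused as an authenticated session.
		session_regenerate_id(true);

		// Set session variables for user_id and username
		$_SESSION['user_is_logged_in'] = 1;
		$_SESSION['user_id'] = $user_id;
		$_SESSION['username'] = $username;

		$qry_get_permissions = "SELECT page_name, permission FROM " . REG_USERS_ROLES . " 
			JOIN " . REG_ROLES_PAGES . " ON users_roles.role_id = roles_pages.role_id
			WHERE user_id = $user_id ";

		$arr_pages = get_array_query($qry_get_permissions);

		// Copy each page permission into the session, keyed by page name.
		// NOTE(review): page names share the key space of 'user_is_logged_in',
		// 'user_id' and 'username'; a page row with one of those names would
		// overwrite the login state - consider a dedicated sub-array.
		if (is_array($arr_pages)) {
			foreach ($arr_pages as $page_permission) {
				$page_name = $page_permission['page_name'];
				$permission = $page_permission['permission'];
				$_SESSION[$page_name] = $permission;
			}
		}

		// Record the last login time. Comment this out to save the database write.
		// NOTE(review): the table name is the literal "users" here, while the lookups
		// above use REG_USER_TABLE - confirm both name the same table.
		do_query("UPDATE users SET last_login_date = now() WHERE user_id = $user_id");

		// Now that we are logged in and permissions are established, go to the
		// referring page. The referrer comes from the request, so it is followed only
		// when it is a plain same-site path; anything carrying a scheme, a host, a
		// backslash or control characters falls back to the default page.
		$redirect_to = REG_DEFAULTPAGE;
		if (is_string($referrer) && $referrer !== ''
			&& $referrer === trim($referrer)
			&& !preg_match('/[\x00-\x1f\x7f\\\\]/', $referrer)
			&& substr($referrer, 0, 2) !== '//') {
			$ref_parts = parse_url($referrer);
			if (is_array($ref_parts) && !isset($ref_parts['scheme']) && !isset($ref_parts['host'])) {
				$redirect_to = $referrer;
			}
		}

		header("Location: " . $redirect_to);
		exit;
	}
	else {
		// NOTE(review): failed attempts are not counted or throttled in this file.
		$user_is_logged_in = 0;
		$_SESSION['user_is_logged_in'] = 0;
		$message = REG_MSG_BADLOGIN;
	}
}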

		
	
	
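	// Logout: end the session and drop everything that was stored in it.
	// NOTE(review): logout is triggered by a plain request parameter with no
	// anti-forgery token, so another site can log a user out - low impact, but
	// worth a token if one is added to the other forms.
	if ($logmode === 'logout') {
		// session_destroy() removes the stored session data but leaves $_SESSION
		// populated for the rest of this request, so the templates included below
		// would still see the username and page permissions. Reset the array and
		// keep only the explicit logged-out flag.
		$_SESSION = array('user_is_logged_in' => 0);

		// Expire the session cookie so the old session id is not presented again.
		if (ini_get('session.use_cookies')) {
			$cookie = session_get_cookie_params();
			setcookie(
				session_name(),
				'',
				time() - 42000,
				$cookie['path'],
				$cookie['domain'],
				$cookie['secure'],
				$cookie['httponly']
			);
		}

		session_destroy();
	}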
	
	
	?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">

<head>
<meta http-equiv="content-type" content="text/html; charset=iso-8859-1" />
<title>QuickCrud App (950 width 150 menu)</title>
	<style type="text/css" media="all">@import "tplreg/qctstyle.css";</style>	
</head>

<body>

 <div id="Header">
	<?php include "tplreg/header.php" ?>
</div> <!-- End Header -->

 <div id="Menu">
<?php include "tplreg/leftmenu.php" ?>
</div> <!-- End Menu -->

<div id="Content">

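<div id="topnote">
<?php
// Within this file $message is assigned only after a failed login, so a plain
// page view would otherwise read an undefined variable. Print nothing then.
// The value is emitted as-is: it is a configured message, not request data.
// Escape it if that ever changes.
print isset($message) ? $message : '';
?>
</div> <!-- end topnote -->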
<div id="maincontent" >
	<div id="register">
	New?  Signup <a href="registration.php?mode=Add">Here</a>
	</div>
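<form name="loginform" action="login.php" method="post">
<div id="entry_username" class="entries">
<div class="heading">Username</div>
<?php
// $username and $referrer are request values echoed back into attribute values,
// so they are HTML-escaped (quotes included) before output. ISO-8859-1 matches the
// charset this page declares and keeps the escaping byte-safe for any input.
?>
<input type="text" name="username" size="20" value="<?php print htmlspecialchars(is_string($username) ? $username : '', ENT_QUOTES, 'ISO-8859-1') ?>"/>
</div>

<div id="entry_password" class="entries">
<div class="heading">Password</div>
<input type="password" name="password" size="20" />
</div>

<div class="controls">
<input type="submit" name="logmode" value="Login">
</div>
<input type="hidden" name="referrer" value="<?php print htmlspecialchars(is_string($referrer) ? $referrer : '', ENT_QUOTES, 'ISO-8859-1') ?>">
</form>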
<div id="forgotten">
<h5>Forgot your login information?
Click <a href="lostlogin.php">Here </a> </h5>
</div> <!-- end forgetten -->

</div> <!-- end maincontent -->

</div> <!-- end Content -->

<div id="Footer">
<?php include "tplreg/footer.php" ?>
</div>

</body>

</html>